Hello,All

;============================
mov    eax, dword ptr
cmp    byte ptr , 0CCh
jz    founddebug           
     
lea    eax, dword ptr
push  eax
push  dword ptr
Call  dword ptr

.IF    eax ==  0                            ; -> win95
mov    ecx,fs:[20h]
jecxz  @F
jmp    founddebug                 
@@:   
.ELSE                                      ; -> win98, NT, 2k, XP
CAll  EAX
or    eax, eax
jz    @F
jmp  founddebug                 
@@:
.ENDIF
;============================
if IsDebuggerPresent has hooked, the result will be wrong.

please guide for trusty method
Posted on 2006-02-14 21:03:24 by dcskm4200
dcskm4200,

Unfortunately, there is no one technique which works in all instances. Fact is, with time and effort, all applications can be reverse engineered depending on how persistant the person is. So, my suggestion is that if you plan to persue this, do a lot of reading on the many possible techniques used.. here's a starting point for ya, and good luck.

http://pb.specialised.info/all/articles/antid.txt
http://www.codecomments.com/A86_Assembler/message152138-1.html
http://www.anticracking.sk/coding.html

Also, this has been discussed several times over on this forum, try searching the forum....
http://www.asmcommunity.net/board/index.php?topic=5672.0
and
http://www.asmcommunity.net/board/index.php?topic=5664.msg40427

should give you some insite.

Regards,
Bryant Keller
Posted on 2006-02-15 16:44:20 by Synfire
Hello,Synfire
That's all of my need information.

Thank you very much.
Posted on 2006-02-15 19:05:37 by dcskm4200